XSS and Deserialization Chain Attack
Overview
This attack is from HTB Cereal, which involves a deserialization attack. To execute the deserialization payload, an XSS payload must be triggered to bypass the IP restriction.
This attack also makes use of a forged JWT token.
The method here came from 0xdf's writeup.